
Diff of /eclass/ssl-cert.eclass


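--- a/eclass/ssl-cert.eclass
+++ b/eclass/ssl-cert.eclass
@@ -1,8 +1,8 @@
-# Copyright 1999-2011 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.20 2013/01/03 19:19:55 alonbl Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/ssl-cert.eclass,v 1.21 2014/03/20 19:30:32 vapier Exp $
 
 # @ECLASS: ssl-cert.eclass
 # @MAINTAINER:
 # @AUTHOR:
 # Max Kalika <max@gentoo.org>
@@ -14,20 +14,18 @@
 # "install_cert /foo/bar" installs ${ROOT}/foo/bar.{key,csr,crt,pem}
 
 # @ECLASS-VARIABLE: SSL_CERT_MANDATORY
 # @DESCRIPTION:
 # Set to non zero if ssl-cert is mandatory for ebuild.
-#
-SSL_CERT_MANDATORY="${SSL_CERT_MANDATORY:-0}"
+: ${SSL_CERT_MANDATORY:=0}
 
 # @ECLASS-VARIABLE: SSL_CERT_USE
 # @DESCRIPTION:
 # Use flag to append dependency to.
-#
-SSL_CERT_USE="${SSL_CERT_USE:-ssl}"
+: ${SSL_CERT_USE:=ssl}
 
-if [[ "${SSL_CERT_MANDATORY}" = 0 ]]; then
+if [[ "${SSL_CERT_MANDATORY}" == "0" ]]; then
  DEPEND="${SSL_CERT_USE}? ( dev-libs/openssl )"
  IUSE="${SSL_CERT_USE}"
 else
  DEPEND="dev-libs/openssl"
 fi
@@ -106,11 +104,11 @@
 #
 # Access: private
 gen_key() {
  local base=`get_base $1`
  ebegin "Generating ${SSL_BITS} bit RSA key${1:+ for CA}"
- /usr/bin/openssl genrsa -rand "${SSL_RANDOM}" \
+ openssl genrsa -rand "${SSL_RANDOM}" \
  -out "${base}.key" "${SSL_BITS}" &> /dev/null
  eend $?
 
  return $?
 }
@@ -123,11 +121,11 @@
 #
 # Access: private
 gen_csr() {
  local base=`get_base $1`
  ebegin "Generating Certificate Signing Request${1:+ for CA}"
- /usr/bin/openssl req -config "${SSL_CONF}" -new \
+ openssl req -config "${SSL_CONF}" -new \
  -key "${base}.key" -out "${base}.csr" &>/dev/null
  eend $?
 
  return $?
 }
@@ -143,17 +141,17 @@
 # Access: private
 gen_crt() {
  local base=`get_base $1`
  if [ "${1}" ] ; then
  ebegin "Generating self-signed X.509 Certificate for CA"
- /usr/bin/openssl x509 -extfile "${SSL_CONF}" \
+ openssl x509 -extfile "${SSL_CONF}" \
  -days ${SSL_DAYS} -req -signkey "${base}.key" \
  -in "${base}.csr" -out "${base}.crt" &>/dev/null
  else
  local ca=`get_base 1`
  ebegin "Generating authority-signed X.509 Certificate"
- /usr/bin/openssl x509 -extfile "${SSL_CONF}" \
+ openssl x509 -extfile "${SSL_CONF}" \
  -days ${SSL_DAYS} -req -CAserial "${SSL_SERIAL}" \
  -CAkey "${ca}.key" -CA "${ca}.crt" \
  -in "${base}.csr" -out "${base}.crt" &>/dev/null
  fi
  eend $?
@@ -244,11 +242,11 @@
  install -d "${ROOT}${cert%/*}"
  install -m0400 "${base}.key" "${ROOT}${cert}.key"
  install -m0444 "${base}.csr" "${ROOT}${cert}.csr"
  install -m0444 "${base}.crt" "${ROOT}${cert}.crt"
  install -m0400 "${base}.pem" "${ROOT}${cert}.pem"
- count=$((${count}+1))
+ : $(( ++count ))
  done
 
  # Resulting status
  if [ ${count} = 0 ] ; then
  eerror "No certificates were generated"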
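Review bot: The `openssl` calls in gen_key, gen_csr and gen_crt now resolve the binary through PATH instead of `/usr/bin/openssl`, and each still sends all output to `/dev/null`, so a missing or unexpected `openssl` on PATH shows up only as the `eend` status while the private key and certificates are being generated. Nothing on the page records why the absolute path was dropped; a comment above gen_key such as `# openssl is looked up via PATH on purpose (no hard-coded /usr/bin); the calling phase must provide a trusted PATH` would make that assumption explicit. Separately, the new `: ${SSL_CERT_MANDATORY:=0}` and `: ${SSL_CERT_USE:=ssl}` expand unquoted; `: "${SSL_CERT_MANDATORY:=0}"` keeps a preset value from being word-split or globbed. gen_crt and the install loop both run past the ends of their hunks.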
